Fortify for GitHub

Supported Products

Fortify on Demand Scan

Integrate your Static Application Security Testing (SAST) into your GitHub workflow with Fortify on Demand. This GitHub Action sets up the Fortify on Demand (FoD) Uploader (also referred to as the FoD Universal CI Tool), allowing you to:


Generate SARIF from Fortify on Demand

This GitHub Action invokes the Fortify on Demand (FoD) API to generate a SARIF log file of Static Application Security Testing (SAST) results. The SARIF output is optimized for subsequent import into GitHub to display vulnerabilities in the Security Code Scanning Alerts.

Fortify ScanCentral Scan

Integrate Static Application Security Testing (SAST) into your GitHub workflows with Fortify. This GitHub Action sets up the Fortify ScanCentral Client, allowing you to:

  • Download, extract and cache the specified version of the Fortify ScanCentral Client zip file
  • Add the Fortify ScanCentral Client bin directory to the PATH

These are the most common use cases for this GitHub Action:

  • Start a SAST scan on a ScanCentral environment; note that the ScanCentral Controller must be accessible from the GitHub Runner where the workflow is running.
  • Start a scan on Fortify on Demand (FoD), using the ScanCentral Client for packaging only.

Generate SARIF from Fortify Software Security Center (SSC)

This GitHub Action invokes the Fortify Software Security Center (SSC) API to generate a SARIF log file of Static Application Security Testing (SAST) results. The SARIF output is optimized for subsequent import into GitHub to display vulnerabilities in the Security Code Scanning Alerts.

The primary use case for this action is after completion of a Fortify SCA or ScanCentral SAST scan.

Fortify-related projects developed by Fortify Professional Services

Includes the following:

  • FortifyBugTrackerUtility – Automated submission of FoD and SSC vulnerabilities to external systems
  • FortifySyncFoDToSSC – Utility to synchronize FoD releases and scan results to SSC
  • fortify-integration-maven-webinspect – WebInspect Maven Plugin
  • fortify-ssc-parser-owasp-dependency-check – Fortify SSC Parser Plugin for OWASP Dependency Check results
  • fortify-ssc-parser-tenable-io-cs – Fortify SSC Parser Plugin for Tenable.io Container Security results
  • fortify-ssc-parser-burp – Fortify SSC Parser Plugin for Burp Suite results

About GitHub

GitHub is a development platform used by developers to host and review code, manage projects, and build software.

release-rel-2021-5-1-6194 | Wed May 5 23:32:16 PDT 2021